Playing Whack-a-Mole: Results of the 2017 SANS Threat Landscape Survey

Bethesda, Md. – Endpoints, and the users behind them, are on the front line in today's security battles, according to results of a new survey on the threat landscape to be released by SANS Institute on Tuesday, August 15.

"Users and their endpoints are still in the cross hairs," says Lee Neely, SANS Analyst, Mentor Instructor and author of the survey report. "Traditional and malware-less threats keep popping up at every corner, making our jobs as defenders resemble an ongoing game of Whack-a-Mole to keep them at bay."

Phishing (72%), spyware (50%), ransomware (49%) and Trojans (47%) are the threats most seen by respondents' organizations, but not all of these have significant impact. When it comes to impact, phishing causes the most damage, and 40% of survey respondents experienced phishing attacks, including spearphishing and whaling, in the last year.

Almost one-third of respondents also experienced a malware-less threat entering their organization, impacting IT systems and adding to IT staff workload. These attacks are more difficult to find because they can't be detected by signature-based technologies. Scripting attacks were the most common malware-less incident, while credential compromise or privilege escalation caused the most impact.

Few of the threats respondents faced were new zero-day threats, with 76% admitting that under 10% of the significant threats they saw were zero-day.

"Today's threats predominately leverage the same old vulnerabilities and techniques," according to Neely. "The time is ripe to change our protections as well as remediation processes to stem the tide of successful threat vectors."

Users are also part of the solution, with 37% of respondents indicating that calls to the help desk helped them discover their most impactful threats. According to the survey results, user training, improved operational security practices and improved visibility into network and endpoint behavior are the top measures to improve threat prevention success and reduce the need to play Whack-a-Mole.

Full results will be shared during a webcast on Tuesday, August 15 at 1 PM EDT, sponsored by Cylance, FireEye, McAfee, and Qualys, and hosted by SANS. Register to attend the webcast at

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and network security expert, Lee Neely.

Tweet This:

Stop playing Whack-a-Mole with security. Learn best practices. | Aug. 15, 1 PM Eastern | Register:

Users and endpoints at risk. Explore the threats they face and how to protect them. | Register for 8/15 webcast:

No need for zero-day threats, old vulnerabilities still work. Learn improvements needed. | 8/15 webcast:

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.